Composer 2.4 introduced a new command to check the dependencies in your projects for known vulnerabilities.
Sometimes folders like
node_modules consume too much space and then a small cleanup may be needed.
A few weeks ago, whilst applying the latest security patches for Magento, I ran into a problem in our build pipeline. The patches could be applied locally without any issues, but in our build pipeline applying the patches failed.
A few days ago Jordi announced the first dev build of Composer 2.0. I immediately went and downloaded it. Since version 2.x should be a lot faster, I thought it is a good idea to test it against a current Magento 2 project I am working on. I was a bit disappointed first because Composer failed with quite a few errors like that:
Sometimes you run into this situation when a git pull will respond with
Merge conflict in config.php. How to solve this issue in a proper way? Let's have a look how other people solve similar issues, namely my friend Mr. Rafael Dohms. Quite a while ago he blogged about a similar problem on how to solve conflicts in Composer's lock file. This is what I learned from his blog post:
This blog post has been sitting on my desk for quite a while but due to a lot of work in the last weeks I was not able to finish it earlier. Luckily, I found some time during my travels to finish the blog post and share my findings on the "require-dev gone wrong!" problem. While some people thought the former blog post was mostly click bait or proposed a "fix" which does not actually solve the general problem, I actually got a lot of good feedback on twitter. Even an issue for Composer was created to discuss the problem even though it was closed by now.
For a long time, I have been advocating to make use of require-dev to install development tools locally. We use this on a daily basis to install tools like Phing, PHPUnit or phpDocumentor locally for each of our (customer) projects. Given that our focus is on custom projects, this absolutely makes sense. I do not want our projects to use an old version of a given tool or update all our projects constantly to use the latest version of all the tools involved. In addition to that, a simple composer.phar install in the project root should be sufficient to install all dependencies required to build and run the project.
In my recent attempt to migrate away from our Jenkins infrastructure to the new GitLab CI Runner infrastructure I ran into a problem: Since we want to use Docker images for the GitLab CI builds I struggled a bit on how pass the authentication information for Satis and GitLab into the docker images. Since the base images - basic PHP setup - should be used for our projects I did not want to share the access credentials in the different base images. Gitlab's secret variables sounded like a good idea but unfortunately they need to be defined for each and every project. Currently we have more than 250 projects in our GitLab instance, configuring secret variables for all the projects would have been a big pain.